hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 05:05:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Release preparation for version 2.18.2"

Browse Source
This commit is contained in:
Alexander Eyers-Taylor
2024-08-07 14:24:37 +01:00
committed by GitHub
parent 26444cb0cd
commit 46577b585e
163 changed files with 180 additions and 425 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/change-notes/2024-07-23-java-sensitivelogging-source.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.

4
java/ql/src/change-notes/2024-07-25-java-error-message-exposure.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`.

4
java/ql/src/change-notes/2024-07-30-sensitive-log-whitelist-tokenizer.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts.

4
java/ql/src/change-notes/2024-07-30-unused.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`.

8
java/ql/src/change-notes/released/1.1.2.md
View File

@@ -1,8 +0,0 @@
## 1.1.2
### Minor Analysis Improvements
* Variables names containing the string "tokenizer" (case-insensitively) are no longer sources for the `java/sensitive-log` query. They normally relate to things like `java.util.StringTokenizer`, which are not sensitive information. This should fix some false positive alerts.
* The query "Unused classes and interfaces" (`java/unused-reference-type`) now recognizes that if a method of a class has an annotation then it may be accessed reflectively. This should remove false positive alerts, especially for JUnit 4-style tests annotated with `@test`.
* Alerts about exposing `exception.getMessage()` in servlet responses are now split out of `java/stack-trace-exposure` into its own query `java/error-message-exposure`.
* Added the extensible abstract class `SensitiveLoggerSource`. Now this class can be extended to add more sources to the `java/sensitive-log` query or for customizations overrides.